I cannot accept a device management policy on my phone that has remote wipe and whatnot capability that also affects user data. It is unacceptable as a tradeoff to gain corporate interest for SFOS in my opinion.

Then good bye corporate uptake of SFOS.

I really wish people at least tried to see things from the other side before they blurted out their holy truths. Imagine you were the company owner. Would you risk your company's trade secrets by allowing your employees to use insecure devices, without encryption and remote management including wipe? If you did and they left the phone on the train, you would have only yourself to blame.

Different hardware for work and pleasure is the obvious answer.

__________________In particle accelerators atoms are indeed not only touching each others. But banging together in a massive explosive orgasm.
-- nieldk in a TMO post

"Encrypt user data" (Accepting this will encrypt all user data stored on the device. This is an irreversible change and you will need to enter a lock code on all future boots in order to access your data.<br><br>If you accept the device will reboot automatically and you will be prompted for your lock code before encrypting your data. This may take as long as an hour and your device will not be usable again until the encryption has completed.)

I wonder how this is implemented - it basically means they will probably do in place conversion from unencrypted volume to an encrypted one as they can hardly leave enough place free to make it possible to create a new ecrypted volume of same size as the current one and copy the current data to that. Apparently there is a tool to do in-place LUKS conversion, so maybe they are going to use that. Or they could setup LUKS by default and just set the encryption key once requested (& possibly reencrypt the data with it).